package com.helger.as2lib.crypto;

import com.helger.as2lib.exception.OpenAS2Exception;
import com.helger.as2lib.exception.WrappedOpenAS2Exception;
import com.helger.as2lib.util.CAS2Header;
import com.helger.as2lib.util.IOHelper;
import com.helger.commons.ValueEnforcer;
import com.helger.commons.annotation.ReturnsMutableCopy;
import com.helger.commons.base64.Base64;
import com.helger.commons.collection.CollectionHelper;
import com.helger.commons.collection.ext.CommonsArrayList;
import com.helger.commons.io.file.FileHelper;
import com.helger.commons.io.stream.NullOutputStream;
import com.helger.commons.io.stream.StreamHelper;
import com.helger.commons.lang.priviledged.AccessControllerHelper;
import com.helger.commons.string.StringHelper;
import com.helger.commons.system.SystemProperties;
import com.helger.mail.cte.EContentTransferEncoding;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.DigestOutputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Locale;
import javax.activation.CommandMap;
import javax.activation.MailcapCommandMap;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.mail.MessagingException;
import javax.mail.internet.ContentType;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMultipart;
import javax.mail.internet.MimeUtility;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute;
import org.bouncycastle.asn1.smime.SMIMECapabilityVector;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMEEnveloped;
import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
import org.bouncycastle.mail.smime.SMIMEException;
import org.bouncycastle.mail.smime.SMIMESignedGenerator;
import org.bouncycastle.mail.smime.SMIMESignedParser;
import org.bouncycastle.mail.smime.SMIMEUtil;
import org.bouncycastle.mail.smime.handlers.multipart_signed;
import org.bouncycastle.mail.smime.handlers.pkcs7_mime;
import org.bouncycastle.mail.smime.handlers.pkcs7_signature;
import org.bouncycastle.mail.smime.handlers.x_pkcs7_mime;
import org.bouncycastle.mail.smime.handlers.x_pkcs7_signature;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/helger/as2lib/crypto/BCCryptoHelper.class */
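/**
 * {@link ICryptoHelper} implementation backed by the BouncyCastle JCE provider
 * and its S/MIME mail handlers.
 * <p>
 * Provides PKCS#12 key store creation/loading, S/MIME content-type inspection,
 * MIC (message integrity check) calculation, CMS encryption/decryption and
 * CMS signing/verification for AS2 message body parts. All JCA/JCE lookups
 * use the "BC" provider, which the constructor registers.
 * <p>
 * Security-relevant caveats a caller should be aware of:
 * <ul>
 * <li>{@link #verify(MimeBodyPart, X509Certificate, boolean, boolean)} only
 * checks the certificate's validity period; no chain, trust-anchor or
 * revocation checking happens in this class.</li>
 * <li>When verification is asked to use the certificate embedded in the signed
 * part, that certificate takes precedence over the provided one; a mismatch is
 * only logged as a warning, not rejected (see {@link #_verifyFindCertificate}).</li>
 * <li>If the system property {@code AS2.dumpDecryptedDirectory} is set, the
 * plaintext of every decrypted part is written to that directory in clear.</li>
 * </ul>
 */
public final class BCCryptoHelper implements ICryptoHelper {
    private static final Logger s_aLogger = LoggerFactory.getLogger(BCCryptoHelper.class);
    // Target directory for plaintext dumps of decrypted parts; null unless the
    // "AS2.dumpDecryptedDirectory" system property has text (see static initializer).
    private static final File s_aDumpDecryptedDirectory;

    /**
     * Registers the BouncyCastle provider and installs the BC S/MIME content
     * handlers (pkcs7-signature, pkcs7-mime, their x-pkcs7 variants and
     * multipart/signed) on the default {@link CommandMap}.
     */
    public BCCryptoHelper() {
        // Security.addProvider returns -1 and changes nothing if BC is already installed,
        // so constructing this helper more than once is harmless.
        Security.addProvider(new BouncyCastleProvider());
        MailcapCommandMap mailcapMap = (MailcapCommandMap) CommandMap.getDefaultCommandMap();
        mailcapMap.addMailcap("application/pkcs7-signature;; x-java-content-handler=" + pkcs7_signature.class.getName());
        mailcapMap.addMailcap("application/pkcs7-mime;; x-java-content-handler=" + pkcs7_mime.class.getName());
        mailcapMap.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=" + x_pkcs7_signature.class.getName());
        mailcapMap.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=" + x_pkcs7_mime.class.getName());
        mailcapMap.addMailcap("multipart/signed;; x-java-content-handler=" + multipart_signed.class.getName());
        // Run as a privileged action, presumably because setDefaultCommandMap is
        // permission-checked when a SecurityManager is installed.
        AccessControllerHelper.run(() -> {
            CommandMap.setDefaultCommandMap(mailcapMap);
            return null;
        });
    }

    /**
     * Creates a new, not yet loaded PKCS#12 key store from the "BC" provider.
     *
     * @return a fresh {@link KeyStore} instance (uninitialized until {@code load} is called)
     * @throws KeyStoreException if the PKCS12 type is unavailable
     * @throws NoSuchProviderException if the BC provider is not registered
     */
    @Override // com.helger.as2lib.crypto.ICryptoHelper
    @Nonnull
    public KeyStore createNewKeyStore() throws KeyStoreException, NoSuchProviderException {
        return KeyStore.getInstance("PKCS12", "BC");
    }

    /**
     * Creates a PKCS#12 key store and loads it from the given stream.
     *
     * @param inputStream source of the key store content; may be {@code null}
     * @param cArr key store password
     * @return the key store; when {@code inputStream} is {@code null} the store is
     *         returned without {@code load} having been called
     * @throws Exception on any key store or I/O error
     */
    @Override // com.helger.as2lib.crypto.ICryptoHelper
    @Nonnull
    public KeyStore loadKeyStore(@Nullable InputStream inputStream, @Nonnull char[] cArr) throws Exception {
        KeyStore keyStore = createNewKeyStore();
        if (inputStream != null) {
            keyStore.load(inputStream, cArr);
        }
        // NOTE(review): with a null stream the store stays uninitialized (no load()
        // call) - confirm callers expect that rather than an empty, loaded store.
        return keyStore;
    }

    /**
     * Loads a PKCS#12 key store from a file name.
     *
     * @param str file name to read
     * @param cArr key store password
     * @return the loaded key store
     * @throws Exception on any key store or I/O error
     * @deprecated kept for interface compatibility; prefer the {@link InputStream} variant
     */
    @Override // com.helger.as2lib.crypto.ICryptoHelper
    @Nonnull
    @Deprecated
    public KeyStore loadKeyStore(@Nonnull String str, @Nonnull char[] cArr) throws Exception {
        InputStream fileStream = FileHelper.getInputStream(str);
        try {
            return loadKeyStore(fileStream, cArr);
        } finally {
            // StreamHelper.close tolerates a null stream.
            StreamHelper.close(fileStream);
        }
    }

    /**
     * Checks whether the part's Content-Type denotes S/MIME enveloped data
     * ({@code application/pkcs7-mime} with {@code smime-type=enveloped-data}).
     *
     * @param mimeBodyPart part to inspect
     * @return {@code true} for enveloped data
     * @throws MessagingException if the Content-Type header cannot be parsed
     */
    @Override // com.helger.as2lib.crypto.ICryptoHelper
    public boolean isEncrypted(@Nonnull MimeBodyPart mimeBodyPart) throws MessagingException {
        ValueEnforcer.notNull(mimeBodyPart, "Part");
        ContentType contentType = new ContentType(mimeBodyPart.getContentType());
        if (!contentType.getBaseType().toLowerCase(Locale.US).equals("application/pkcs7-mime")) {
            return false;
        }
        String smimeType = contentType.getParameter("smime-type");
        return smimeType != null && smimeType.equalsIgnoreCase("enveloped-data");
    }

    /**
     * Checks whether the part's Content-Type base type is {@code multipart/signed}.
     *
     * @param mimeBodyPart part to inspect
     * @return {@code true} for a signed multipart
     * @throws MessagingException if the Content-Type header cannot be parsed
     */
    @Override // com.helger.as2lib.crypto.ICryptoHelper
    public boolean isSigned(@Nonnull MimeBodyPart mimeBodyPart) throws MessagingException {
        ValueEnforcer.notNull(mimeBodyPart, "Part");
        String baseType = new ContentType(mimeBodyPart.getContentType()).getBaseType();
        return baseType.equalsIgnoreCase("multipart/signed");
    }

    /**
     * Checks whether a Content-Type string carries {@code smime-type=compressed-data}.
     *
     * @param str Content-Type header value
     * @return {@code true} for compressed data
     * @throws OpenAS2Exception wrapping the {@link MessagingException} of a malformed Content-Type
     */
    @Override // com.helger.as2lib.crypto.ICryptoHelper
    public boolean isCompressed(@Nonnull String str) throws OpenAS2Exception {
        ValueEnforcer.notNull(str, "ContentType");
        try {
            String smimeType = new ContentType(str).getParameter("smime-type");
            return "compressed-data".equalsIgnoreCase(smimeType);
        } catch (MessagingException e) {
            throw WrappedOpenAS2Exception.wrap(e);
        }
    }

    /**
     * Converts a string to bytes by narrowing each char to a byte.
     * Only correct for pure ASCII input: chars above 0x7F are truncated, not encoded.
     *
     * @param str source string
     * @return new byte array, one byte per char
     */
    @Nonnull
    @ReturnsMutableCopy
    private static byte[] _getAsciiBytes(@Nonnull String str) {
        int len = str.length();
        byte[] out = new byte[len];
        for (int idx = 0; idx < len; idx++) {
            out[idx] = (byte) str.charAt(idx);
        }
        return out;
    }

    /**
     * Calculates the MIC of a body part as required for AS2 MDNs: the digest
     * (optionally over the header lines plus a blank line, each terminated by
     * CRLF) of the content-transfer-encoded content.
     *
     * @param mimeBodyPart part to digest
     * @param eCryptoAlgorithmSign digest algorithm; its OID is used for the "BC" MessageDigest lookup
     * @param z {@code true} to include the part's header lines in the digest
     * @return Base64 digest, followed by {@code ", "} and the algorithm ID
     * @throws GeneralSecurityException if the digest algorithm is unavailable
     * @throws MessagingException on MIME access errors
     * @throws IOException on write/encoding errors
     */
    @Override // com.helger.as2lib.crypto.ICryptoHelper
    @Nonnull
    public String calculateMIC(@Nonnull MimeBodyPart mimeBodyPart, @Nonnull ECryptoAlgorithmSign eCryptoAlgorithmSign, boolean z) throws GeneralSecurityException, MessagingException, IOException {
        ValueEnforcer.notNull(mimeBodyPart, "MimeBodyPart");
        ValueEnforcer.notNull(eCryptoAlgorithmSign, "DigestAlgorithm");
        if (s_aLogger.isDebugEnabled()) {
            s_aLogger.debug("BCCryptoHelper.calculateMIC (" + eCryptoAlgorithmSign + " [" + eCryptoAlgorithmSign.getOID().getId() + "], " + z + ")");
        }
        MessageDigest digest = MessageDigest.getInstance(eCryptoAlgorithmSign.getOID().getId(), "BC");
        if (z) {
            // Each header line is digested as ASCII followed by CRLF; the header block
            // is terminated by one more CRLF (the empty separator line).
            byte[] crlf = {13, 10};
            Enumeration<?> headerLines = mimeBodyPart.getAllHeaderLines();
            while (headerLines.hasMoreElements()) {
                digest.update(_getAsciiBytes((String) headerLines.nextElement()));
                digest.update(crlf);
            }
            digest.update(crlf);
        }
        // The content is digested in its transfer-encoded form. Closing the encoder
        // flushes any trailing encoding bytes into the digest before digest() is read.
        try (DigestOutputStream digestStream = new DigestOutputStream(new NullOutputStream(), digest);
             OutputStream encodedStream = MimeUtility.encode(digestStream, mimeBodyPart.getEncoding())) {
            mimeBodyPart.getDataHandler().writeTo(encodedStream);
        }
        String mic = Base64.encodeBytes(digest.digest()) + ", " + eCryptoAlgorithmSign.m17getID();
        if (s_aLogger.isDebugEnabled()) {
            s_aLogger.debug("  MIC = " + mic);
        }
        return mic;
    }

    /**
     * Best-effort debug dump of decrypted plaintext into
     * {@code s_aDumpDecryptedDirectory}. Failures are logged, never propagated.
     *
     * @param bArr decrypted bytes to write
     */
    private static void _dumpDecrypted(@Nonnull byte[] bArr) {
        File dumpFile;
        int counter = 0;
        // Pick an unused name; the exists()/create sequence is not atomic, which is
        // acceptable for a debugging aid.
        do {
            dumpFile = new File(s_aDumpDecryptedDirectory, "as2-decrypted-" + System.currentTimeMillis() + "-" + counter + ".part");
            counter++;
        } while (dumpFile.exists());
        s_aLogger.info("Dumping decrypted MIME part to file " + dumpFile.getAbsolutePath());
        OutputStream dumpStream = FileHelper.getOutputStream(dumpFile);
        if (dumpStream == null) {
            // Opening failed; do not let a debugging aid abort the decryption.
            s_aLogger.error("Failed to open dump file " + dumpFile.getAbsolutePath());
            return;
        }
        try {
            dumpStream.write(bArr);
        } catch (IOException e) {
            s_aLogger.error("Failed to dump decrypted MIME part to file " + dumpFile.getAbsolutePath(), e);
        } finally {
            StreamHelper.close(dumpStream);
        }
    }

    /**
     * Decrypts an S/MIME enveloped part for the recipient identified by the
     * given certificate, using the matching private key.
     *
     * @param mimeBodyPart enveloped part
     * @param x509Certificate recipient certificate used to locate the RecipientInfo
     * @param privateKey recipient private key
     * @param z {@code true} to skip the Content-Type check and decrypt anyway
     * @return the decrypted content as a new body part
     * @throws GeneralSecurityException if the part is not marked as encrypted (unless forced)
     *         or no RecipientInfo matches the certificate
     * @throws MessagingException on MIME access errors
     * @throws CMSException on CMS parsing/decryption errors
     * @throws SMIMEException on S/MIME errors
     */
    @Override // com.helger.as2lib.crypto.ICryptoHelper
    @Nonnull
    public MimeBodyPart decrypt(@Nonnull MimeBodyPart mimeBodyPart, @Nonnull X509Certificate x509Certificate, @Nonnull PrivateKey privateKey, boolean z) throws GeneralSecurityException, MessagingException, CMSException, SMIMEException {
        ValueEnforcer.notNull(mimeBodyPart, "MimeBodyPart");
        ValueEnforcer.notNull(x509Certificate, "X509Cert");
        ValueEnforcer.notNull(privateKey, "PrivateKey");
        if (s_aLogger.isDebugEnabled()) {
            s_aLogger.debug("BCCryptoHelper.decrypt; X509 subject=" + x509Certificate.getSubjectX500Principal().getName() + "; forceDecrypt=" + z);
        }
        if (!z && !isEncrypted(mimeBodyPart)) {
            throw new GeneralSecurityException("Content-Type indicates data isn't encrypted: " + mimeBodyPart.getContentType());
        }
        SMIMEEnveloped enveloped = new SMIMEEnveloped(mimeBodyPart);
        RecipientInformation recipient = enveloped.getRecipientInfos().get(new JceKeyTransRecipientId(x509Certificate));
        if (recipient == null) {
            // Historical message text: this really means no RecipientInfo matches the
            // issuer/serial of the given certificate.
            throw new GeneralSecurityException("Certificate does not match part signature");
        }
        byte[] plaintext = recipient.getContent(new JceKeyTransEnvelopedRecipient(privateKey).setProvider("BC"));
        if (s_aDumpDecryptedDirectory != null) {
            _dumpDecrypted(plaintext);
        }
        return SMIMEUtil.toMimeBodyPart(plaintext);
    }

    /**
     * Encrypts a part for a single key-transport recipient.
     *
     * @param mimeBodyPart part to encrypt
     * @param x509Certificate recipient certificate; its validity period is checked first
     * @param eCryptoAlgorithmCrypt content-encryption algorithm
     * @return the enveloped part
     * @throws GeneralSecurityException if the certificate is outside its validity period
     * @throws SMIMEException on S/MIME errors
     * @throws CMSException on CMS errors
     */
    @Override // com.helger.as2lib.crypto.ICryptoHelper
    @Nonnull
    public MimeBodyPart encrypt(@Nonnull MimeBodyPart mimeBodyPart, @Nonnull X509Certificate x509Certificate, @Nonnull ECryptoAlgorithmCrypt eCryptoAlgorithmCrypt) throws GeneralSecurityException, SMIMEException, CMSException {
        ValueEnforcer.notNull(mimeBodyPart, "MimeBodyPart");
        ValueEnforcer.notNull(x509Certificate, "X509Cert");
        ValueEnforcer.notNull(eCryptoAlgorithmCrypt, "Algorithm");
        if (s_aLogger.isDebugEnabled()) {
            s_aLogger.debug("BCCryptoHelper.encrypt; X509 subject=" + x509Certificate.getSubjectX500Principal().getName() + "; algorithm=" + eCryptoAlgorithmCrypt);
        }
        // Only the notBefore/notAfter window is checked here.
        x509Certificate.checkValidity();
        ASN1ObjectIdentifier encryptionOid = eCryptoAlgorithmCrypt.getOID();
        SMIMEEnvelopedGenerator generator = new SMIMEEnvelopedGenerator();
        generator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(x509Certificate).setProvider("BC"));
        return generator.generate(mimeBodyPart, new JceCMSContentEncryptorBuilder(encryptionOid).setProvider("BC").build());
    }

    /**
     * Creates a {@code multipart/signed} part over the given content.
     *
     * @param mimeBodyPart content to sign
     * @param x509Certificate signer certificate; its validity period is checked first
     * @param privateKey signer private key
     * @param eCryptoAlgorithmSign signature/digest algorithm; also advertised as an SMIMECapability
     * @param z {@code true} to embed the signer certificate in the signed part
     * @param z2 {@code true} to use the RFC 3851 micalg names, otherwise RFC 5751
     * @return a new body part wrapping the signed multipart, with its Content-Type header set
     * @throws GeneralSecurityException if the certificate is outside its validity period
     * @throws SMIMEException on S/MIME errors
     * @throws MessagingException on MIME errors
     * @throws OperatorCreationException if the signer cannot be built
     */
    @Override // com.helger.as2lib.crypto.ICryptoHelper
    @Nonnull
    public MimeBodyPart sign(@Nonnull MimeBodyPart mimeBodyPart, @Nonnull X509Certificate x509Certificate, @Nonnull PrivateKey privateKey, @Nonnull ECryptoAlgorithmSign eCryptoAlgorithmSign, boolean z, boolean z2) throws GeneralSecurityException, SMIMEException, MessagingException, OperatorCreationException {
        ValueEnforcer.notNull(mimeBodyPart, "MimeBodyPart");
        ValueEnforcer.notNull(x509Certificate, "X509Cert");
        ValueEnforcer.notNull(privateKey, "PrivateKey");
        ValueEnforcer.notNull(eCryptoAlgorithmSign, "Algorithm");
        if (s_aLogger.isDebugEnabled()) {
            s_aLogger.debug("BCCryptoHelper.sign; X509 subject=" + x509Certificate.getSubjectX500Principal().getName() + "; algorithm=" + eCryptoAlgorithmSign + "; includeCertificateInSignedContent=" + z);
        }
        // Only the notBefore/notAfter window is checked here.
        x509Certificate.checkValidity();

        // Signed attributes: advertise the chosen algorithm as an SMIMECapability.
        SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
        capabilities.addCapability(eCryptoAlgorithmSign.getOID());
        ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
        signedAttributes.add(new SMIMECapabilitiesAttribute(capabilities));

        String[] micAlgNames = z2 ? SMIMESignedGenerator.RFC3851_MICALGS : SMIMESignedGenerator.RFC5751_MICALGS;
        SMIMESignedGenerator generator = new SMIMESignedGenerator(micAlgNames);
        generator.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC").setSignedAttributeGenerator(new AttributeTable(signedAttributes)).build(eCryptoAlgorithmSign.getSignAlgorithmName(), privateKey, x509Certificate));
        if (z) {
            generator.addCertificates(new JcaCertStore(new CommonsArrayList<X509Certificate>(x509Certificate)));
        }

        MimeMultipart signedMultipart = generator.generate(mimeBodyPart);
        MimeBodyPart signedPart = new MimeBodyPart();
        signedPart.setContent(signedMultipart);
        signedPart.setHeader(CAS2Header.HEADER_CONTENT_TYPE, signedMultipart.getContentType());
        return signedPart;
    }

    /**
     * Determines the certificate to verify a signature with.
     * <p>
     * When {@code z} is {@code true}, the certificate matching the first signer's
     * SID is taken from the signed part itself and <em>replaces</em> the provided
     * certificate; a difference between the two is only logged as a warning. Any
     * trust decision about the embedded certificate is therefore left to the caller.
     *
     * @param x509Certificate certificate supplied by the caller (e.g. from the partnership); may be {@code null}
     * @param z {@code true} to look the certificate up in the signed part
     * @param sMIMESignedParser parser of the signed part
     * @return the certificate to use; never {@code null}
     * @throws GeneralSecurityException if no certificate is available, or if lookup was
     *         requested but the part carries no signer information
     * @throws CMSException on CMS parsing errors
     * @throws CertificateException if the embedded certificate cannot be converted
     */
    @Nonnull
    private X509Certificate _verifyFindCertificate(@Nullable X509Certificate x509Certificate, boolean z, @Nonnull SMIMESignedParser sMIMESignedParser) throws CMSException, CertificateException, GeneralSecurityException {
        X509Certificate result = x509Certificate;
        if (z) {
            Iterator<?> signerIt = sMIMESignedParser.getSignerInfos().getSigners().iterator();
            if (!signerIt.hasNext()) {
                // Without a SignerId the certificate store would return every certificate
                // in the part; refuse instead of picking an arbitrary one.
                throw new GeneralSecurityException("Signed part contains no signer information!");
            }
            SignerId firstSignerId = ((SignerInformation) signerIt.next()).getSID();
            Collection<?> matchingCerts = sMIMESignedParser.getCertificates().getMatches(firstSignerId);
            if (!matchingCerts.isEmpty()) {
                if (matchingCerts.size() > 1) {
                    s_aLogger.warn("Signed part contains " + matchingCerts.size() + " certificates - using the first one!");
                }
                X509CertificateHolder firstHolder = (X509CertificateHolder) matchingCerts.iterator().next();
                X509Certificate embeddedCert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(firstHolder);
                if (x509Certificate != null && !x509Certificate.equals(embeddedCert)) {
                    // Deliberately not rejected: the embedded certificate wins.
                    s_aLogger.warn("Certificate mismatch! Provided certificate\n" + x509Certificate + " differs from certficate contained in message\n" + embeddedCert);
                }
                result = embeddedCert;
            }
        }
        if (result == null) {
            throw new GeneralSecurityException("No certificate provided" + (z ? " and none found in the message" : "") + "!");
        }
        return result;
    }

    /**
     * Verifies a {@code multipart/signed} part and returns its signed content.
     * <p>
     * Every signer in the part must verify against the selected certificate's
     * public key, and at least one signer must be present. Only the certificate's
     * validity period is checked; no chain, trust or revocation check is performed.
     *
     * @param mimeBodyPart signed part
     * @param x509Certificate expected signer certificate; may be {@code null} when {@code z} is {@code true}
     * @param z {@code true} to prefer the certificate embedded in the signed part
     * @param z2 {@code true} to skip the Content-Type check
     * @return the signed content
     * @throws GeneralSecurityException if the part is not marked as signed (unless forced), its content
     *         is not a multipart, no certificate can be determined, or the certificate is not valid
     * @throws SignatureException if the part has no signers or any signature does not verify
     * @throws IOException on I/O errors while reading the content
     * @throws MessagingException on MIME errors
     * @throws CMSException on CMS parsing errors
     * @throws OperatorCreationException if the digest calculator or verifier cannot be built
     */
    @Override // com.helger.as2lib.crypto.ICryptoHelper
    @Nonnull
    public MimeBodyPart verify(@Nonnull MimeBodyPart mimeBodyPart, @Nullable X509Certificate x509Certificate, boolean z, boolean z2) throws GeneralSecurityException, IOException, MessagingException, CMSException, OperatorCreationException {
        ValueEnforcer.notNull(mimeBodyPart, "MimeBodyPart");
        if (s_aLogger.isDebugEnabled()) {
            s_aLogger.debug("BCCryptoHelper.verify; X509 subject=" + (x509Certificate == null ? "null" : x509Certificate.getSubjectX500Principal().getName()) + "; useCertificateInBodyPart=" + z + "; forceVerify=" + z2);
        }
        if (!z2 && !isSigned(mimeBodyPart)) {
            throw new GeneralSecurityException("Content-Type indicates data isn't signed: " + mimeBodyPart.getContentType());
        }
        Object content = mimeBodyPart.getContent();
        if (!(content instanceof MimeMultipart)) {
            // Report a security error instead of a ClassCastException for non-multipart content.
            throw new GeneralSecurityException("Signed part content is not a MIME multipart: " + mimeBodyPart.getContentType());
        }
        SMIMESignedParser signedParser = new SMIMESignedParser(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), (MimeMultipart) content, EContentTransferEncoding.AS2_DEFAULT.getID());
        X509Certificate verifyCert = _verifyFindCertificate(x509Certificate, z, signedParser);
        if (s_aLogger.isDebugEnabled()) {
            s_aLogger.debug(verifyCert == x509Certificate ? "Verifying signature using the provided certificate (partnership)" : "Verifying signature using the certificate contained in the MIME body part");
        }
        // Validity period only; no chain/trust/revocation check here.
        verifyCert.checkValidity();
        SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(verifyCert.getPublicKey());
        Collection<?> signers = signedParser.getSignerInfos().getSigners();
        if (signers.isEmpty()) {
            // A signed part without any SignerInfo must not pass as verified.
            throw new SignatureException("Verification failed: signed part contains no signer information");
        }
        for (Object signer : signers) {
            if (!((SignerInformation) signer).verify(verifier)) {
                throw new SignatureException("Verification failed");
            }
        }
        return signedParser.getContent();
    }

    static {
        // Optional plaintext dump of decrypted parts, enabled by a system property.
        String dumpDir = SystemProperties.getPropertyValueOrNull("AS2.dumpDecryptedDirectory");
        if (StringHelper.hasText(dumpDir)) {
            s_aDumpDecryptedDirectory = new File(dumpDir);
            IOHelper.getFileOperationManager().createDirIfNotExisting(s_aDumpDecryptedDirectory);
            s_aLogger.info("Using directory " + s_aDumpDecryptedDirectory.getAbsolutePath() + " to dump all decrypted body parts to.");
        } else {
            s_aDumpDecryptedDirectory = null;
        }
    }
}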
